US20030079078A1 - Confirmation of secure data file erasure - Google Patents

Publication number
US20030079078A1
Authority
US
United States
Prior art keywords
report
storage medium
setup interface
destination
erase
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US10/042,429
Other versions
US7349118B2 (en
Inventor
Andrew Zipprich
Bruce Talbert
Keith Bunker
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xerox Corp
Original Assignee
Xerox Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xerox Corp
Priority to US10/042,429 (US7349118B2)
Assigned to XEROX CORPORATION: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BUNKER, KEITH G., TALBERT, BRUCE E., ZIPPRICH, ANDREW J.
Assigned to BANK ONE, NA, AS ADMINISTRATIVE AGENT: SECURITY AGREEMENT. Assignors: XEROX CORPORATION
Publication of US20030079078A1
Assigned to JPMORGAN CHASE BANK, AS COLLATERAL AGENT: SECURITY AGREEMENT. Assignors: XEROX CORPORATION
Application granted
Publication of US7349118B2
Assigned to XEROX CORPORATION: RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: BANK ONE, NA
Assigned to XEROX CORPORATION: RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: JPMORGAN CHASE BANK, N.A. AS SUCCESSOR-IN-INTEREST ADMINISTRATIVE AGENT AND COLLATERAL AGENT TO JPMORGAN CHASE BANK
Assigned to XEROX CORPORATION: RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: JPMORGAN CHASE BANK, N.A. AS SUCCESSOR-IN-INTEREST ADMINISTRATIVE AGENT AND COLLATERAL AGENT TO BANK ONE, N.A.
Assigned to CITIBANK, N.A., AS AGENT: SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: XEROX CORPORATION
Assigned to XEROX CORPORATION: RELEASE OF SECURITY INTEREST IN PATENTS AT R/F 062740/0214. Assignors: CITIBANK, N.A., AS AGENT
Assigned to CITIBANK, N.A., AS COLLATERAL AGENT: SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: XEROX CORPORATION
Assigned to JEFFERIES FINANCE LLC, AS COLLATERAL AGENT: SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: XEROX CORPORATION
Assigned to CITIBANK, N.A., AS COLLATERAL AGENT: SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: XEROX CORPORATION
Active (current legal status)
Adjusted expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143: Clearing memory, e.g. to prevent the data from being stolen

Definitions

  • Various embodiments of the invention use a CPU 5 of the device 1 in which elements of the invention reside and that provides and executes various processes of the invention.
  • the CPU 5 can provide or respond to an erase trigger 6.
  • the erase trigger 6 in embodiments of the invention can be a physical button on the device, a virtual button on, for example, an LCD of the device, or an instruction sent to the device as part of the data file 4 used to generate output from client software, such as a driver interface 7 on a remote computer.
  • the CPU 5 stores the data file 4 in the NVM 2, which can be a fixed or removable storage medium, and keeps track of the data file 4 so that, when the erase trigger 6 is set, the erasure process can determine a location 8 of the data file on the NVM 2.
  • the erasure process then overwrites the data file 4 according to a predetermined secure erase method; in embodiments of the invention, the secure erase method can include overwriting the data file 4 a particular number of times 9, using a particular pattern 10 to overwrite the data file 4 (such as all 1s, all 0s, etc.), and/or cycling the overwrite pattern on each iteration of the overwrite process 11. Other iteration and pattern variations can also be used.
  • the particular number of times 9 could be at least 3, cycling from a first pattern, to the complement of the first pattern, then to a second pattern, etc.
  • Such a sequence has been approved for purging overwrites of sensitive data on NVM 2 employed, for example, by the Department of Defense.
  • the erasure process can check or respond to, for example, the erase trigger 6, which can include this information.
  • the user can be prompted to enter the number of times 9 and/or pattern(s) 10 to use to overwrite the data file 4.
  • the erase trigger 6 is provided from a driver interface 7
  • the user can provide the number of times 9 and/or pattern(s) 10 to use to overwrite the data file 4 when creating the job in the first place.
  • Other user interfaces could also be employed, such as a web- or markup-language-based interface usable over a network and other interfaces, to provide the erase trigger 6 and the various parameters a user might be allowed to enter.
  • the CPU 5 can provide one or more graphical user interface (GUI) element(s) 13 in communication with or acting as the erase trigger 6.
  • the CPU 5 can accept the user-selected parameter(s) from the GUI element(s) 13 with which to overwrite the data file.
  • the GUI element can be a virtual button or keypad displayed on a pressure-sensitive display of the device, such as that shown in FIGS. 3A and 3B.
  • the GUI element(s) 13 can be part of a driver interface similar to that shown in FIG. 4.
  • embodiments of the invention can allow a system administrator (SA) to program the device 1 to overwrite the data file 4 according to predetermined criteria, such as a stored number of overwrites 9 and/or sequence of patterns 10 of choice. Rather than trying to settle on a single algorithm (e.g., overwrite 3 times, first time with 1s, the second time with 0s, the third time with a random pattern) for all customers, this allows selection by the SA during setup or reconfiguration of the device 1. Further, embodiments of the invention can allow the SA to program a timer that will automatically delete all data files after a specified period has elapsed.
  • a set of patterns 12 can be stored in a storage medium 2 in communication with the system.
  • the set of patterns 12 can be stored in a computer memory or another storage medium in, for example, a table, such as a table resembling the pseudocode expression:
  • the invention can then use the set of patterns 12, the number of times to overwrite 9, and a pattern selection variable to erase the data file 4 by overwriting.
  • a pattern selection variable for example, in embodiments of the invention, the user-selected pattern NumPatternToUse to be used and a number of times N to overwrite the data file 4 according to the pseudocode expression:
  • FIGS. 5 and 6 show two flow charts that show how embodiments of the invention might carry out the erasure process.
  • an embodiment of the process 11 using predetermined patterns from a pattern table, as well as a predetermined number of patterns to use, is shown in flow chart 100.
  • the erase trigger 6 is represented in the beginning block 101 of the flow chart 100 and an initial step is to set the counter NumberOfOverwrites to 0 as shown in block 102.
  • the first overwrite pattern is loaded from the pattern table, as seen in block 103.
  • the data file 4 is overwritten using the loaded pattern as illustrated in block 104, and the NumberOfOverwrites is incremented as seen in block 105.
  • the counter is compared to the number of patterns to use as shown in block 106. If the counter value is less than the number of patterns to use, then the next pattern is loaded as seen in block 107, and the steps shown in blocks 104-107 continue to be executed until the counter value is no longer less than the number of patterns to use, at which point the overwrite is complete, as expressed in block 108.
  • in FIG. 6, an embodiment of the invention 11 using predetermined patterns from a pattern table, as well as a predetermined number of patterns to use (expressed by the variable NumPatternsToUse), is shown in flow chart 200 with the added feature of a number of overwrite cycles to be completed.
  • the erase trigger 6 is represented in the beginning block 201 of the flow chart 200 and an initial step is to set the counter NumberOfOverwriteCycles to 0 as shown in block 202, then to set the counter NumberOfOverwrites to 0 as shown in block 203.
  • the first overwrite pattern is loaded from the pattern table, as seen in block 204.
  • the data file 4 is overwritten using the loaded pattern as illustrated in block 205, and the NumberOfOverwrites is incremented as seen in block 206.
  • the counter NumberOfOverwrites is compared to the number of patterns to use as shown in block 207. If the counter value is less than the number of patterns to use, then the next pattern is loaded as seen in block 208, and the steps shown in blocks 205-208 continue to be executed until the counter NumberOfOverwrites has a value that is no longer less than the number of patterns to use, at which point the particular overwrite is complete and the counter NumberOfOverwriteCycles is incremented, as expressed in block 209.
  • the value of the counter NumberOfOverwriteCycles is compared to a predetermined NumberOfTimesToCycle. If this counter value is less than the number of times to cycle, then the counter NumberOfOverwrites is reset, and the steps shown in blocks 203-210 continue to be executed until the counter NumberOfOverwriteCycles has a value that is no longer less than the number of times to cycle, at which point the particular overwrite is complete as seen in block 211.
  • the preprogrammed values of NumberOfOverwrites and NumberOfTimesToCycle, as well as the preselected patterns, of the particular processes shown in FIGS. 5 and 6 could be user selected values entered into the system using apparatus and methods such as those shown in FIGS. 3 and 4, among others.
  • embodiments can include a report generator 14, as seen in FIGS. 3A-C and 4, that can generate a report as to the disposition of an initiated overwrite. Any device including NVM 2 from which files are deleted according to embodiments could create such a report. Additionally, the report can be generated upon completion of a specific activity related to that stored file, such as job printed, file transferred to network, and fax sent. In embodiments, for example, upon completion of a hard drive overwrite, a report in the form of a print job is generated by the device indicating the status of the hard drive overwrite. The print job would print the report on a substrate to create a status sheet that can indicate success or failure to provide users immediate feedback and logging/tracking of the overwrite event.
  • the device checks to see whether a report is to be generated (block 301). If not, then the process terminates (block 399), but if a report is to be generated, the device checks to see what type of report is to be generated (block 302). If the report is to be hard copy (block 303), then the device checks to see where the report should be printed (block 304). In situations in which the report should be printed on the same device as that which houses the NVM 2 that was overwritten, then the device prints the report (block 305). If the report is to be printed on another device, then the device sends a print job containing the report to the desired remote device (block 306), such as an administrator's dedicated printer, and the process terminates (block 399).
  • the device sends a message to an e-mail address (block 308) and the process terminates (block 399).
  • the e-mail address can be an administrator's e-mail address, a user's address, or some other e-mail address specified by the administrator or the user, and might or might not be alterable by the user.
  • when the report is to be an entry in a log file (block 309), the device writes the entry in the log file (block 310) and the process terminates (block 399).
  • the log file can, in embodiments, be specified by an administrator or by a user, and might or might not be alterable by a user, depending on the particular nature of the installation. Further, rather than an entry added to an existing file, the device could create a standalone log file; in other words, the log entry would be made in a new file created by the device in a specified location.
  • the user interface of the device can include a GUI element 15 allowing access to a report setup interface 400.
  • the report setup interface 400 will be displayed on the device itself, while in other embodiments, the report setup interface 400 will be displayed in a driver interface 7. In either case, embodiments could enable an administrator to restrict access to the report setup interface 400 so that only the administrator could make changes.
  • the report setup interface 400 can include, in embodiments, a report GUI element 401 determinative of the generation of a report.
  • the report GUI element 401 could include a pulldown menu, a check box, a radio button, etc., that allows a user or administrator to indicate that a report should be generated when an overwrite has completed.
  • the report setup interface 400 can include, in embodiments, a type GUI element 402 indicating what type of report the device should generate.
  • the type GUI element 402 could be a pulldown menu, a set of radio buttons, a set of check boxes, etc., including a list of the types of reports available for selection and allowing a user or administrator to indicate what type of report the device should generate.
  • the report setup interface 400 can include, in embodiments, a destination GUI element 403 indicating where the report should go.
  • the destination GUI element 403 can be a pulldown menu, one or more check boxes, one or more radio buttons, or one or more other suitable GUI elements 13 allowing a user or administrator to indicate a destination for the report.
  • the destination GUI element 403 can vary depending upon the type of report indicated by type GUI element 402. For example, where a hard copy report is indicated, such as by type GUI element 402, the destination GUI element 403 might be a pulldown menu including a list of devices available for printing the report.
  • the destination GUI element 403 could be a pulldown menu including a list of e-mail addresses to which the report can be sent, or it could be a text entry field into which the user or administrator can enter an e-mail address.
  • in embodiments, a text entry field could even be created were the user or administrator to select a list item labeled “New Address” or the like.
  • the destination GUI element 403 could be a pulldown menu including a list of log files to which the report can be written, or it could be a text entry field into which the user or administrator can enter a new log file path.
  • in embodiments, a text entry field could even be created were the user or administrator to select a list item labeled “New Path” or the like.
  • the destination GUI element 403 could include a selection indicating that the log entry should be made in a new file each time and allow a user or administrator to indicate a destination NVM 2 to which the files should be written.

Abstract

A process that provides a status report following a request for the destruction of data files a user wishes to completely erase from a storage medium, such as a hard drive or removable disk. A system administrator can select a quantity of and pattern to be used in overwrites of the data file so that no one can recover the data from the storage medium. In embodiments, a graphical user interface (GUI) can be provided to allow user triggering of and parameter setting for the process. The GUI can be implemented at a device in which the storage medium is a component or can be implemented in a device driver GUI on a personal computer in communication with the device.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • The subject matter of this patent application relates to U.S. patent application Ser. No. 09/871,877, SECURE DATA FILE ERASURE, filed on Jun. 4, 2001, which application is assigned to the assignee of this application, the disclosure of which is hereby incorporated by reference. [0001]
  • BACKGROUND AND SUMMARY
  • The invention relates to secure erasure of sensitive or private data from storage media and recording the disposition of a command to initiate such secure erasure. [0002]
  • Many photocopiers, printers, multifunction devices, and other reproduction and printing devices now include non-volatile memory (NVM), such as magnetic and optical storage media, including removable disk systems, hard drives, and other storage media systems that allow the device and/or a user to store a job the device uses or is directed to use. In high security areas (e.g., military installations), there is often a requirement that all jobs stored on NVM of a device shall be inaccessible once the job is completed. Additionally, users in lower security areas often wish to erase data they would like to keep private or confidential for various reasons. [0003]
  • The currently prevalent method of deleting a file is to delete the pointers and/or directory information that allows the device to locate the data; the document images/data files themselves are still resident in the NVM. This method usually does not meet the requirement that the job data shall be erased from the NVM once the job is complete. Current workarounds include: (1) removing the NVM from the device and locking it up at night, or (2) prohibiting NVM installation in the first place. [0004]
  • Lately, secure erase systems that overwrite the data with patterns of 1s, 0s, or random combinations thereof have come into use to meet erasure requirements. However, government agencies and other customers have different requirements as to how many times one can overwrite the appropriate portions of NVM once a job or task is completed, which can lead to difficulties in product design and implementation. [0005]
  • Embodiments allow a user or a system administrator (SA) to program a device to overwrite an entire NVM device or the particular region of NVM in which the data file associated with a print, scan, fax, copy, or other job resides. In embodiments, the data file is overwritten more than once, such as from 2 to about 50 times, with the exact number of overwrites being determined according to a stored default value or a user-input value. Further, in embodiments, the data file is overwritten with a different pattern on each overwrite according to a stored default value or a user-input value. For example, if a user has just printed something stored on a floppy disk, the user can erase it securely with a sequence of patterns of choice. Instead of trying to settle on a single algorithm (e.g., overwrite 3 times, first time with 1s, the second time with 0s, the third time with a random pattern), this allows overwriting “n” times with a set of patterns that can be downloaded to the device. Further, embodiments can implement Department of Defense approved overwrite routines. [0006]
  • The device, medium, and process of the present invention can have, in various embodiments, for example, three parameters: [0007]
  • 1. A set of patterns with which the portion of the hard drive that is to be erased will be overwritten. This could be a table of patterns that will be used to overwrite the disk. In embodiments, the table of patterns can be generated in a manner allowing a customer/SA to preprogram the patterns so that the patterns are in a sequence that satisfies an installation's particular security requirements. In pseudo code, this looks like: [0008]
  • PatternTable (N)←Pattern1, Pattern2, Pattern3, . . . PatternN;
  • 2. A site settable value that allows the customer/SA to program how many patterns with which to overwrite the portion of the hard drive that should be overwritten. The site settable value can be, for example, between 1 and about N (N is the number of patterns in PatternTable). In various embodiments, for example, NumPatternToUse is this site settable value. [0009]
  • 3. A site settable value that allows the customer/SA to program how many times the entire set of patterns should be run. It can have any positive value. In various embodiments, NumberOfTimesToCycle can be this value. [0010]
  • The algorithm then uses, in various embodiments, the patterns and the number of overwrites to overwrite the portion of the disk N times. An example of a routine that can be used in embodiments of the invention employing a value like NumberOfTimesToCycle is the pseudocode expression: [0011]
  • For count←1 to NumPatternToUse Do
  •     Overwrite region of storage media that stored the data file with PatternTable(count); [0012]
  • This allows for a flexible, programmable sequence of overwrites that should satisfy any overwrite requirement by any customer. Embodiments using a value like NumberOfTimesToCycle can use a routine such as, for example, that expressed by the pseudocode expression: [0013]
  • For NumberOfOverwriteCycle←1 to NumberOfTimesToCycle Do
  •     For count←1 to NumPatternToUse Do
  •         Overwrite region of storage media that stored the data file with PatternTable(count); [0014]
  • Embodiments of the invention employ a user interface (UI) or client-activated erase trigger to automatically place the digital copier or printer into, for example, an Image Disk Erasing Routine, where an Image Disk is a storage medium used by the device to store data files including scanned images of documents and/or print job data and the like. An example of such an Erasing Routine is a routine that executes three complete erasures with a check to ensure the data is completely erased, per industry or security approved processes. The Erasing Routine removes or destroys any residual data files including documents, images, and the like, on the Image or ESS Disks. In embodiments, a customer selectable UI/client button with confirmation that the process was completed could activate this routine. During this erasing feature, the system would be offline. [0015]
  • Thus, a feature of the invention is to provide a storage medium security erase system comprising an erase trigger that tells a drive sector analyzer to retrieve data file location information from a CPU and send the location information to a secure storage medium eraser that overwrites the data file according to a predetermined secure erase method, the eraser using a type of overwrite pattern and a number of overwrites determined by an erase pattern determiner according to predetermined criteria and/or user input. [0016]
  • An additional feature in embodiments is to apply a method of securely erasing a data file by providing an erase trigger, determining a location of the data file on the storage medium, overwriting the data file according to a predetermined secure erase method, and determining at least a number of times to overwrite the data file in response to the erase trigger and according to predetermined criteria. [0017]
  • Additionally, in embodiments, upon completion of an overwrite, a report is generated indicating the status of the overwrite. The report can be of various types and can be sent to various locations depending on the particular arrangement and desire of the user and/or administrator. Such a report can provide immediate feedback and logging/tracking of the overwrite events. [0018]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a perspective view of a digital printing and/or reproducing device that can use embodiments of the invention; [0019]
  • FIG. 2 is a close-up perspective view of a removable storage media drive of the device shown in FIG. 1; [0020]
  • FIGS. 3A, 3B, and 3C are elevational views of a display panel of the device of FIG. 1 showing a graphical user interface in which a user can select parameters of embodiments of the invention; and [0021]
  • FIG. 4 is a schematic of a graphical user interface dialog box of a driver that can be implemented on a personal computer to control the device shown in FIG. 1, the dialog box allowing selection of parameters of embodiments of the invention. [0022]
  • FIG. 5 is a schematic representation of a process executed in embodiments. [0023]
  • FIG. 6 is a schematic representation of another process executed in embodiments. [0024]
  • FIG. 7 is a schematic representation of the generation of a confirmation according to embodiments. [0025]
  • FIG. 8 is a schematic representation of a GUI that could be used in embodiments. [0026]
  • DETAILED DESCRIPTION
  • With reference to the accompanying FIGS., various embodiments of the invention include a device 1, such as a scanner, printer, photocopier, or other device, having a non-volatile memory (NVM) 2, such as a magnetic or optical storage medium, to which the device 1 can store data 3 and/or from which the device can read data 3 stored in a data file 4. In embodiments, the device 1 can use the data 3 to produce output, such as paper hard copy of a word processing document or the like. While the NVM 2 shown in the FIGS. is a removable magnetic storage medium, it must be understood that embodiments can apply to any NVM, such as hard disk drives, MO drives/media, CD-RW, DVD-RAM, tape drives, flash ROM, etc. [0027]
  • Various embodiments of the invention use a CPU 5 of the device 1 in which elements of the invention reside and that provides and executes various processes of the invention. For example, the CPU 5 can provide or respond to an erase trigger 6. The erase trigger 6 in embodiments of the invention can be a physical button on the device, a virtual button on, for example, an LCD of the device, or an instruction sent to the device as part of the data file 4 used to generate output from client software, such as a driver interface 7 on a remote computer. The CPU 5 stores the data file 4 in the NVM 2, which can be a fixed or removable storage medium, and keeps track of the data file 4 so that, when the erase trigger 6 is set, the erasure process can determine a location 8 of the data file on the NVM 2. The erasure process then overwrites the data file 4 according to a predetermined secure erase method; in embodiments of the invention, the secure erase method can include overwriting the data file 4 a particular number of times 9, using a particular pattern 10 to overwrite the data file 4 (such as all 1s, all 0s, etc.), and/or cycling the overwrite pattern on each iteration of the overwrite process 11. Other iteration and pattern variations can also be used. For example, the particular number of times 9 could be at least 3, cycling from a first pattern, to the complement of the first pattern, then to a second pattern, etc. Such a sequence has been approved for purging overwrites of sensitive data on NVM 2 employed, for example, by the Department of Defense. [0028]
  • To determine at least a number of times to overwrite the data file 4, the erasure process can check or respond to, for example, the erase trigger 6, which can include this information. Alternatively, in embodiments where the invention is implemented in a photocopier or the like, the user can be prompted to enter the number of times 9 and/or pattern(s) 10 to use to overwrite the data file 4. In embodiments in which the erase trigger 6 is provided from a driver interface 7, the user can provide the number of times 9 and/or pattern(s) 10 to use to overwrite the data file 4 when creating the job in the first place. Other user interfaces could also be employed, such as a web- or markup-language-based interface usable over a network and other interfaces, to provide the erase trigger 6 and the various parameters a user might be allowed to enter. [0029]
  • In embodiments allowing user selection of the various parameters, the CPU 5 can provide one or more graphical user interface (GUI) element(s) 13 in communication with or acting as the erase trigger 6. The CPU 5 can accept the user-selected parameter(s) from the GUI element(s) 13 with which to overwrite the data file. For example, the GUI element can be a virtual button or keypad displayed on a pressure-sensitive display of the device, such as that shown in FIGS. 3A and 3B. In embodiments, the GUI element(s) 13 can be part of a driver interface similar to that shown in FIG. 4. [0030]
  • In addition to user-selectable criteria, embodiments of the invention can allow a system administrator (SA) to program the device 1 to overwrite the data file 4 according to predetermined criteria, such as a stored number of overwrites 9 and/or sequence of patterns 10 of choice. Rather than trying to settle on a single algorithm (e.g., overwrite 3 times, the first time with 1s, the second time with 0s, the third time with a random pattern) for all customers, this allows selection by the SA during setup or reconfiguration of the device 1. Further, embodiments of the invention can allow the SA to program a timer that will automatically delete all data files after a specified period has elapsed. [0031]
  • Where more than one pattern 10 is available, a set of patterns 12 can be stored in a storage medium 2 in communication with the system. The set of patterns 12 can be stored in a computer memory or another storage medium in, for example, a table, such as a table resembling the pseudocode expression: [0032]
  • PatternTable (N)←Pattern1, Pattern2, Pattern3, . . . PatternN.
  • The invention can then use the set of patterns 12, the number of times to overwrite 9, and a pattern selection variable to erase the data file 4 by overwriting. For example, embodiments of the invention can use the user-selected pattern NumPatternToUse to be used and a number of times N to overwrite the data file 4 according to the pseudocode expression: [0033]
  • For count←1 to NumPatternToUse Do
  • Overwrite region of storage media that stored the data file with PatternTable(count); [0034]
  • FIGS. 5 and 6 show two flow charts that show how embodiments of the invention might carry out the erasure process. Referring to FIG. 5, an embodiment of the process 11 using predetermined patterns from a pattern table, as well as a predetermined number of patterns to use (expressed by the variable NumPatternsToUse) is shown in flow chart 100. The erase trigger 6 is represented in the beginning block 101 of the flow chart 100 and an initial step is to set the counter NumberOfOverwrites to 0 as shown in block 102. Next, the first overwrite pattern is loaded from the pattern table, as seen in block 103. The data file 4 is overwritten using the loaded pattern as illustrated in block 104, and the NumberOfOverwrites is incremented as seen in block 105. The counter is compared to the number of patterns to use as shown in block 106. If the counter value is less than the number of patterns to use, then the next pattern is loaded as seen in block 107, and the steps shown in blocks 104-107 continue to be executed until the counter value is no longer less than the number of patterns to use, at which point the overwrite is complete, as expressed in block 108. [0035]
  • Referring to FIG. 6, an embodiment of the invention 11 using predetermined patterns from a pattern table, as well as a predetermined number of patterns to use (expressed by the variable NumPatternsToUse) is shown in flow chart 200 with the added feature of a number of overwrite cycles to be completed. The erase trigger 6 is represented in the beginning block 201 of the flow chart 200 and an initial step is to set the counter NumberOfOverwriteCycles to 0 as shown in block 202, then to set the counter NumberOfOverwrites to 0 as shown in block 203. Next, the first overwrite pattern is loaded from the pattern table, as seen in block 204. The data file 4 is overwritten using the loaded pattern as illustrated in block 205, and the NumberOfOverwrites is incremented as seen in block 206. The counter NumberOfOverwrites is compared to the number of patterns to use as shown in block 207. If the counter value is less than the number of patterns to use, then the next pattern is loaded as seen in block 208, and the steps shown in blocks 205-208 continue to be executed until the counter NumberOfOverwrites has a value that is no longer less than the number of patterns to use, at which point the particular overwrite is complete and the counter NumberOfOverwriteCycles is incremented, as expressed in block 209. As shown in block 210, the value of the counter NumberOfOverwriteCycles is compared to a predetermined NumberOfTimesToCycle. If this counter value is less than the number of times to cycle, then the counter NumberOfOverwrites is reset, and the steps shown in blocks 203-210 continue to be executed until the counter NumberOfOverwriteCycles has a value that is no longer less than the number of times to cycle, at which point the particular overwrite is complete as seen in block 211. [0036]
  • As should be readily apparent to one of ordinary skill in the art, the preprogrammed values of NumberOfOverwrites and NumberOfTimesToCycle, as well as the preselected patterns, of the particular processes shown in FIGS. 5 and 6 could be user selected values entered into the system using apparatus and methods such as those shown in FIGS. 3 and 4, among others. [0037]
  • As an additional tool, embodiments can include a report generator 14, as seen in FIGS. 3A-C and 4, that can generate a report as to the disposition of an initiated overwrite. Any device including NVM 2 from which files are deleted according to embodiments could create such a report. Additionally, the report can be generated upon completion of a specific activity related to that stored file, such as job printed, file transferred to network, and fax sent. In embodiments, for example, upon completion of a hard drive overwrite, a report in the form of a print job is generated by the device indicating the status of the hard drive overwrite. The print job would print the report on a substrate to create a status sheet that can indicate success or failure to provide users immediate feedback and logging/tracking of the overwrite event. [0038]
  • With particular reference to FIG. 7, showing an exemplary process 300 of embodiments, once a hard drive overwrite is completed, the device checks to see whether a report is to be generated (block 301). If not, then the process terminates (block 399), but if a report is to be generated, the device checks to see what type of report is to be generated (block 302). If the report is to be hard copy (block 303), then the device checks to see where the report should be printed (block 304). In situations in which the report should be printed on the same device as that which houses the NVM 2 that was overwritten, then the device prints the report (block 305). If the report is to be printed on another device, then the device sends a print job containing the report to the desired remote device (block 306), such as an administrator's dedicated printer, and the process terminates (block 399). [0039]
  • Where the report is to be an e-mail message (block 307), the device sends a message to an e-mail address (block 308) and the process terminates (block 399). In embodiments, the e-mail address can be an administrator's e-mail address, a user's address, or some other e-mail address specified by the administrator or the user, and might or might not be alterable by the user. [0040]
  • When the report is to be an entry in a log file (block 309), the device writes the entry in the log file (block 310) and the process terminates (block 399). The log file can, in embodiments, be specified by an administrator or by a user, and might or might not be alterable by a user, depending on the particular nature of the installation. Further, rather than an entry added to an existing file, the device could create a standalone log file; in other words, the log entry would be made in a new file created by the device in a specified location. [0041]
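The FIG. 6 overwrite cycle and the FIG. 7 log-entry report, combined in Python as an added example that is not code from the patent. The function names, the 0x55/0xAA/random pattern table, the SHA-256 read-back check and the JSON log format are assumptions made here for illustration.

```python
import hashlib
import json
import os
import tempfile
import time

# Assumed pattern table: a byte, its complement, then a random pass (None).
PATTERN_TABLE = [b"\x55", b"\xaa", None]
CHUNK = 64 * 1024


def _fill(pattern, length):
    """Return `length` bytes of `pattern`; None means fresh random bytes."""
    if pattern is None:
        return os.urandom(length)
    return (pattern * (-(-length // len(pattern))))[:length]


def _write_pass(f, offset, length, pattern):
    """Overwrite the region once, force it to the device, return its SHA-256."""
    digest = hashlib.sha256()
    f.seek(offset)
    remaining = length
    while remaining:
        buf = _fill(pattern, min(CHUNK, remaining))
        f.write(buf)
        digest.update(buf)
        remaining -= len(buf)
    f.flush()
    os.fsync(f.fileno())  # without this the pass may never leave the OS cache
    return digest.digest()


def _read_digest(f, offset, length):
    """SHA-256 of the region as read back (through the OS, not the raw medium)."""
    digest = hashlib.sha256()
    f.seek(offset)
    remaining = length
    while remaining:
        buf = f.read(min(CHUNK, remaining))
        if not buf:
            break
        digest.update(buf)
        remaining -= len(buf)
    return digest.digest()


def secure_overwrite(path, offset, length, patterns=PATTERN_TABLE,
                     num_patterns_to_use=None, number_of_times_to_cycle=1):
    """Run the nested cycle/pattern loop over one file region and return a report.

    The overwrite is in place, so it only reaches the old blocks on media that
    update in place; wear-levelled flash or copy-on-write filesystems can keep
    earlier copies elsewhere.
    """
    if num_patterns_to_use is None:
        num_patterns_to_use = len(patterns)
    if not 1 <= num_patterns_to_use <= len(patterns) or number_of_times_to_cycle < 1:
        raise ValueError("pattern count and cycle count must be at least 1")
    report = {"file": path, "offset": offset, "length": length,
              "passes": 0, "status": "failure", "error": None}
    try:
        with open(path, "r+b") as f:
            if offset < 0 or length < 0 or offset + length > os.fstat(f.fileno()).st_size:
                raise ValueError("region lies outside the file")
            for _cycle in range(number_of_times_to_cycle):
                for count in range(num_patterns_to_use):
                    expected = _write_pass(f, offset, length, patterns[count])
                    if _read_digest(f, offset, length) != expected:
                        raise OSError("read-back mismatch on pass %d" % (report["passes"] + 1))
                    report["passes"] += 1
        report["status"] = "success"
    except (OSError, ValueError) as exc:
        report["error"] = str(exc)  # a failed erase is reported, not hidden
    return report


def write_log_entry(report, log_path):
    """Append the report to a log file as one JSON line (the log-entry report type)."""
    entry = dict(report, time=time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()))
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry


def demo():
    """Erase the payload of a constructed job file; keep header and trailer intact."""
    with tempfile.TemporaryDirectory() as d:
        job, log = os.path.join(d, "job.img"), os.path.join(d, "erase.log")
        with open(job, "wb") as f:  # constructed sample data
            f.write(b"HEADER--" + b"SCANNED PAGE DATA " * 1000 + b"--TRAILER")
        size = os.path.getsize(job)
        ok = secure_overwrite(job, 8, size - 17, PATTERN_TABLE[:2],
                              number_of_times_to_cycle=2)
        write_log_entry(ok, log)
        bad = secure_overwrite(job, 8, size, PATTERN_TABLE[:2])  # runs past EOF
        write_log_entry(bad, log)
        with open(job, "rb") as f:
            data = f.read()
        with open(log, encoding="utf-8") as f:
            entries = [json.loads(line) for line in f]
    return {"report": ok, "failed": bad, "data": data, "log": entries}


if __name__ == "__main__":
    print(demo()["log"])
```

The read-back comparison confirms that each pass was accepted and is what the operating system returns for the region; it does not inspect the physical medium.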
  • With reference to FIGS. 3A, 3B, 3C, 4, and 8, the user interface of the device can include a GUI element 15 allowing access to a report setup interface 400. In embodiments, the report setup interface 400 will be displayed on the device itself, while in other embodiments, the report setup interface 400 will be displayed in a driver interface 7. In either case, embodiments could enable an administrator to restrict access to the report setup interface 400 so that only the administrator could make changes. [0042]
  • The report setup interface 400 can include, in embodiments, a report GUI element 401 determinative of the generation of a report. For example, the report GUI element 401 could include a pulldown menu, a check box, a radio button, etc., that allows a user or administrator to indicate that a report should be generated when an overwrite has completed. [0043]
  • Additionally, the report setup interface 400 can include, in embodiments, a type GUI element 402 indicating what type of report the device should generate. For example, the type GUI element 402 could be a pulldown menu, a set of radio buttons, a set of check boxes, etc., including a list of the types of reports available for selection and allowing a user or administrator to indicate what type of report the device should generate. [0044]
  • Further, the report setup interface 400 can include, in embodiments, a destination GUI element 403 indicating where the report should go. As with the report and type GUI elements 401, 402, the destination GUI element 403 can be a pulldown menu, one or more check boxes, one or more radio buttons, or one or more other suitable GUI elements 13 allowing a user or administrator to indicate a destination for the report. The destination GUI element 403 can vary depending upon the type of report indicated by type GUI element 402. For example, where a hard copy report is indicated, such as by type GUI element 402, the destination GUI element 403 might be a pulldown menu including a list of devices available for printing the report. [0045]
  • Where an e-mail message is indicated in type GUI element 402, the destination GUI element 403 could be a pulldown menu including a list of e-mail addresses to which the report can be sent, or it could be a text entry field into which the user or administrator can enter an e-mail address. The destination GUI element 403 could even, in embodiments, become a text entry field were the user or administrator to select a list item labeled “New Address” or the like. [0046]
  • Where a log entry is indicated in type GUI element 402, the destination GUI element 403 could be a pulldown menu including a list of log files to which the report can be written, or it could be a text entry field into which the user or administrator can enter a new log file path. The destination GUI element 403 could even, in embodiments, become a text entry field were the user or administrator to select a list item labeled “New Path” or the like. Further, the destination GUI element 403 could include a selection indicating that the log entry should be made in a new file each time and allow a user or administrator to indicate a destination NVM 2 to which the files should be written. [0047]
  • Of course, other types of reports could be generated. For example, distinctive sounds could be made indicating success, failure, and other results of the overwrite process. Additionally, a speech synthesis routine could be employed to inform a designated individual of the results of the overwrite process. [0048]
  • Thus, in installations where customers wish to ensure data security, such as high security areas like military installations, customers can meet the requirement that all printed/copied jobs stored on hard drive(s) or other storage media of such devices be inaccessible once the job has completed without removing the storage medium. In addition, many customers simply want to ensure the privacy of their information and wish to erase print and/or copy jobs from storage media on which the jobs might be stored. The current conventional method of deleting a file (deleting the pointers to the data) can still be done, but the method according to embodiments of the invention ensures that data files themselves no longer reside on the disk and cannot be recovered. [0049]
  • Other modifications of the present invention may occur to those skilled in the art subsequent to a review of the present application, and these modifications, including equivalents thereof, are intended to be included within the scope of the present invention. [0050]

Claims (28)

What is claimed is:
1. A device comprising:
a storage medium supported in a housing;
a secure storage medium eraser that erases a data file on the storage medium in response to an erase trigger; and
a report generator that can create a report on a status of a triggered erasure in response to predetermined criteria.
2. The device of claim 1 wherein the report created by the report generator is printed on a substrate.
3. The device of claim 2 wherein the report is printed by a printing device in which the storage medium being erased is housed.
4. The device of claim 2 wherein the report is printed by a printing device in communication with the secure storage medium eraser.
5. The device of claim 1 wherein the report created by the report generator is an e-mail message.
6. The device of claim 5 wherein the e-mail message is sent to a system administrator.
7. The device of claim 5 wherein the erase trigger is set by a user and the email message is sent to the user setting the erase trigger.
8. The device of claim 1 wherein the report is a sound.
9. The device of claim 1 wherein the report generator is configurable by an administrator only.
10. The device of claim 1 wherein the predetermined criteria include at least one of an indication of whether a report should be created, a type of report to be generated, and a destination of the report.
11. The device of claim 1 wherein the predetermined criteria can be set via a report setup interface.
12. A device comprising:
a storage medium supported in a housing;
a secure storage medium eraser that erases a data file on the storage medium in response to an erase trigger;
a report generator that creates a report on a status of a triggered erasure in response to predetermined criteria; and
a report setup interface through which the predetermined criteria can be set.
13. The device of claim 12 further including at least one graphical user interface (GUI) element of the report setup interface with which a user can set parameters of the predetermined criteria with which the report generator can create a report.
14. The device of claim 13 wherein the at least one GUI element includes a button.
15. The device of claim 13 wherein the at least one GUI element includes a virtual keyboard with which a user enters a value of a parameter.
16. The device of claim 12 wherein the report setup interface includes a report element indicative of whether a report should be created.
17. The device of claim 12 wherein the report setup interface includes a type element indicative of what type of report should be created.
18. The device of claim 12 wherein the report setup interface includes a destination element indicative of where the report should be sent.
19. The device of claim 12 wherein the report setup interface is accessible by an administrator only.
20. The device of claim 12 further including an input apparatus and wherein the report setup interface is accessed via the input apparatus.
21. The device of claim 12 wherein the report setup interface is accessed via driver software on a computer in communication with the device.
22. A selective secure erase report generation method comprising:
overwriting a data file according to a predetermined secure erase method in response to an erase trigger;
determining whether a report should be generated; and
generating a report of the status of a triggered erasure when the report should be generated.
23. The method of claim 22 further comprising determining a type of report to be generated.
24. The method of claim 22 further comprising determining a destination for the report.
25. An apparatus including:
a storage medium supported in a housing;
a secure storage medium eraser that erases a data file on the storage medium in response to an erase trigger;
a report generator that creates a report on a status of a triggered erasure in response to predetermined criteria including at least one of an indication that a report is to be generated, a type of report to generate, and a destination for the report; and
a report setup interface through which the predetermined criteria can be set.
the apparatus performing a selective secure erase report generation method comprising:
checking to see whether a report is to be generated;
when a report is to be generated:
checking a type of report to generate;
checking a destination for the report; and
generating the report at the destination.
26. The apparatus of claim 25 wherein the report is to be printed on a substrate, the apparatus further performing:
checking where the report should be printed;
printing the report at the apparatus if the apparatus is the destination; and
printing the report on another device when another device is the destination.
27. The apparatus of claim 25 wherein the report is to be an e-mail message, the apparatus further performing sending an e-mail message to an e-mail address specified via the report setup interface.
28. The apparatus of claim 25 wherein the report is to be a log entry and the apparatus further performs writing the entry in a log file specified via the report setup interface.
US10/042,429 2001-10-19 2001-10-19 Confirmation of secure data file erasure Active 2024-08-05 US7349118B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/042,429 US7349118B2 (en) 2001-10-19 2001-10-19 Confirmation of secure data file erasure

Publications (2)

Publication Number Publication Date
US20030079078A1 true US20030079078A1 (en) 2003-04-24
US7349118B2 US7349118B2 (en) 2008-03-25

Family

ID=21921886

Country Status (1)

Country Link
US (1) US7349118B2 (en)

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030204747A1 (en) * 2002-04-29 2003-10-30 Gaebel Gary Lin Secure document-data-handling system and methodology
US20040008375A1 (en) * 2002-07-12 2004-01-15 Toshihiko Fukuhara Image processing device
US20040114182A1 (en) * 2002-12-17 2004-06-17 Xerox Corporation Job secure overwrite failure notification
US20050237563A1 (en) * 2004-04-21 2005-10-27 Sharp Kabushiki Kaisha Data processing apparatus and image forming apparatus
US20060026340A1 (en) * 2004-07-27 2006-02-02 Takafumi Ito Memory card, card controller mounted on the memory card, and device for processing the memory card
US20060117153A1 (en) * 2004-11-30 2006-06-01 Kabushiki Kaisha Toshiba System for secure erasing of files
US20060117136A1 (en) * 2004-11-30 2006-06-01 Tran Peter H System for secure erasing of files
US20060155944A1 (en) * 2005-01-13 2006-07-13 Hitachi, Ltd. System and method for data migration and shredding
US20060200357A1 (en) * 2005-02-23 2006-09-07 International Business Machines (Ibm) Corporation Policy based data shredding for storage controller
US20090063586A1 (en) * 2007-08-30 2009-03-05 Samsung Electronics Co., Ltd Image forming apparatus, image forming system and file managing method thereof
US20090161956A1 (en) * 2007-12-21 2009-06-25 Fuji Xerox Co., Ltd. Storage control device and image processing device
US7831560B1 (en) * 2006-12-22 2010-11-09 Symantec Corporation Snapshot-aware secure delete
US20120188597A1 (en) * 2011-01-25 2012-07-26 Canon Kabushiki Kaisha Data processing apparatus and method for controlling same
CN102646447A (en) * 2011-02-22 2012-08-22 三星电子株式会社 Non-volatile memory device, memory controller, and methods thereof
US20130097122A1 (en) * 2011-10-12 2013-04-18 Jeffrey Liem Temporary File Storage System and Method
US20150212747A1 (en) * 2013-08-14 2015-07-30 L-3 Communications Corporation Protected mode for securing computing devices
US9104839B2 (en) 2013-01-14 2015-08-11 International Business Machines Corporation De-duplication aware secure delete
US9111109B2 (en) 2012-03-26 2015-08-18 International Business Machines Corporation Using different secure erase algorithms to erase chunks from a file associated with different security levels
US20180309614A1 (en) * 2017-04-25 2018-10-25 International Business Machines Corporation Devices Demise Actions and Notification
US10275466B2 (en) 2013-01-14 2019-04-30 International Business Machines Corporation De-duplication aware secure delete
CN111309249A (en) * 2018-12-11 2020-06-19 佳能株式会社 Information processing apparatus and control method thereof

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4387687B2 (en) * 2002-04-26 2009-12-16 キヤノン株式会社 Image processing apparatus, control method, and program
JP4338508B2 (en) * 2003-12-05 2009-10-07 シャープ株式会社 Data processing device
JP2006231673A (en) * 2005-02-24 2006-09-07 Oki Data Corp Image forming apparatus
US8139264B2 (en) * 2006-09-21 2012-03-20 Xerox Corporation System and method of overwriting image data with random patterns
US20100174865A1 (en) * 2009-01-06 2010-07-08 International Business Machines Corporation Dynamic data security erasure
US8145891B2 (en) * 2009-04-09 2012-03-27 Dell Products L.P. Bios-selectable data wiping system
US9134987B2 (en) * 2009-05-29 2015-09-15 Red Hat, Inc. Retiring target machines by a provisioning server
US8838995B2 (en) * 2009-05-29 2014-09-16 Western Digital Technologies, Inc. Physically modifying a data storage device to disable access to secure data and repurpose the data storage device
US9530436B1 (en) 2010-08-12 2016-12-27 Western Digital Technologies, Inc. Methods and systems for providing data security in data storage devices
US8587890B2 (en) * 2011-09-09 2013-11-19 International Business Machines Corporation Tape drive provided write format for overwrite erasure of magnetic tape data recorded in tracks

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5265159A (en) * 1992-06-23 1993-11-23 Hughes Aircraft Company Secure file erasure
US5623540A (en) * 1994-10-05 1997-04-22 Siemens Rolm Communications, Inc. PBX data retrieval and reporting system and method
US5918207A (en) * 1996-05-01 1999-06-29 Electronic Data Systems Corporation Process and system for predictive resource planning
US6061149A (en) * 1996-02-06 2000-05-09 Canon Kabushiki Kaisha Communication system capable of changing communication protocol
US6070174A (en) * 1997-09-30 2000-05-30 Infraworks Corporation Method and apparatus for real-time secure file deletion
US6078924A (en) * 1998-01-30 2000-06-20 Aeneid Corporation Method and apparatus for performing data collection, interpretation and analysis, in an information platform
US6122446A (en) * 1998-05-08 2000-09-19 Olympus Optical Co., Ltd. Blur correction camera
US20010025343A1 (en) * 2000-03-27 2001-09-27 Roy Chrisop Random bit mask generation for obscuring data on nonvolatile memory device
US6385589B1 (en) * 1998-12-30 2002-05-07 Pharmacia Corporation System for monitoring and managing the health care of a patient population

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5265159A (en) * 1992-06-23 1993-11-23 Hughes Aircraft Company Secure file erasure
US5623540A (en) * 1994-10-05 1997-04-22 Siemens Rolm Communications, Inc. PBX data retrieval and reporting system and method
US6061149A (en) * 1996-02-06 2000-05-09 Canon Kabushiki Kaisha Communication system capable of changing communication protocol
US5918207A (en) * 1996-05-01 1999-06-29 Electronic Data Systems Corporation Process and system for predictive resource planning
US6070174A (en) * 1997-09-30 2000-05-30 Infraworks Corporation Method and apparatus for real-time secure file deletion
US6078924A (en) * 1998-01-30 2000-06-20 Aeneid Corporation Method and apparatus for performing data collection, interpretation and analysis, in an information platform
US6122446A (en) * 1998-05-08 2000-09-19 Olympus Optical Co., Ltd. Blur correction camera
US6385589B1 (en) * 1998-12-30 2002-05-07 Pharmacia Corporation System for monitoring and managing the health care of a patient population
US20010025343A1 (en) * 2000-03-27 2001-09-27 Roy Chrisop Random bit mask generation for obscuring data on nonvolatile memory device

Cited By (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030204747A1 (en) * 2002-04-29 2003-10-30 Gaebel Gary Lin Secure document-data-handling system and methodology
US7343627B2 (en) * 2002-04-29 2008-03-11 Sharp Laboratories Of America, Inc. Secure document-data-handling system and methodology
US20040008375A1 (en) * 2002-07-12 2004-01-15 Toshihiko Fukuhara Image processing device
US7456992B2 (en) * 2002-07-12 2008-11-25 Sharp Kabushiki Kaisha Image processing device
US20040114182A1 (en) * 2002-12-17 2004-06-17 Xerox Corporation Job secure overwrite failure notification
US7154628B2 (en) * 2002-12-17 2006-12-26 Xerox Corporation Job secure overwrite failure notification
US20050237563A1 (en) * 2004-04-21 2005-10-27 Sharp Kabushiki Kaisha Data processing apparatus and image forming apparatus
US7716432B2 (en) * 2004-04-21 2010-05-11 Sharp Kabushiki Kaisha Data processing apparatus and image forming apparatus for managing a data deletion history
US20060026340A1 (en) * 2004-07-27 2006-02-02 Takafumi Ito Memory card, card controller mounted on the memory card, and device for processing the memory card
US20060117136A1 (en) * 2004-11-30 2006-06-01 Tran Peter H System for secure erasing of files
US20060117153A1 (en) * 2004-11-30 2006-06-01 Kabushiki Kaisha Toshiba System for secure erasing of files
US7246209B2 (en) 2004-11-30 2007-07-17 Kabushiki Kaisha Toshiba System for secure erasing of files
US20070208915A1 (en) * 2004-11-30 2007-09-06 Tran Peter H System for secure erasing of files
US7668883B2 (en) 2004-11-30 2010-02-23 Kabushiki Kaisha Toshiba System for secure erasing of files
US20060155944A1 (en) * 2005-01-13 2006-07-13 Hitachi, Ltd. System and method for data migration and shredding
US7739462B2 (en) 2005-02-23 2010-06-15 International Business Machines Corporation Policy based data shredding for storage controller
US20060200357A1 (en) * 2005-02-23 2006-09-07 International Business Machines (Ibm) Corporation Policy based data shredding for storage controller
US7831560B1 (en) * 2006-12-22 2010-11-09 Symantec Corporation Snapshot-aware secure delete
US20090063586A1 (en) * 2007-08-30 2009-03-05 Samsung Electronics Co., Ltd Image forming apparatus, image forming system and file managing method thereof
US8204918B2 (en) * 2007-08-30 2012-06-19 Samsung Electronics Co., Ltd. Image forming apparatus, image forming system and file managing method thereof
US20090161956A1 (en) * 2007-12-21 2009-06-25 Fuji Xerox Co., Ltd. Storage control device and image processing device
US8140784B2 (en) * 2007-12-21 2012-03-20 Fuji Xerox Co., Ltd. Storage control device and image processing device
US20120188597A1 (en) * 2011-01-25 2012-07-26 Canon Kabushiki Kaisha Data processing apparatus and method for controlling same
US9189639B2 (en) * 2011-01-25 2015-11-17 Canon Kabushiki Kaisha Data processing apparatus and method for controlling same
CN102646447A (en) * 2011-02-22 2012-08-22 Samsung Electronics Co., Ltd. Non-volatile memory device, memory controller, and methods thereof
US20120213005A1 (en) * 2011-02-22 2012-08-23 Samsung Electronics Co., Ltd. Non-volatile memory device, memory controller, and methods thereof
US20130097122A1 (en) * 2011-10-12 2013-04-18 Jeffrey Liem Temporary File Storage System and Method
US9111109B2 (en) 2012-03-26 2015-08-18 International Business Machines Corporation Using different secure erase algorithms to erase chunks from a file associated with different security levels
US9311501B2 (en) 2012-03-26 2016-04-12 International Business Machines Corporation Using different secure erase algorithms to erase chunks from a file associated with different security levels
US10275466B2 (en) 2013-01-14 2019-04-30 International Business Machines Corporation De-duplication aware secure delete
US9104839B2 (en) 2013-01-14 2015-08-11 International Business Machines Corporation De-duplication aware secure delete
US20150212747A1 (en) * 2013-08-14 2015-07-30 L-3 Communications Corporation Protected mode for securing computing devices
US9690498B2 (en) * 2013-08-14 2017-06-27 L3 Technologies, Inc. Protected mode for securing computing devices
US20180309614A1 (en) * 2017-04-25 2018-10-25 International Business Machines Corporation Devices Demise Actions and Notification
US10616037B2 (en) * 2017-04-25 2020-04-07 International Business Machines Corporation Devices demise actions and notification
CN111309249A (en) * 2018-12-11 2020-06-19 Canon Kabushiki Kaisha Information processing apparatus and control method thereof
US11630586B2 (en) * 2018-12-11 2023-04-18 Canon Kabushiki Kaisha Information processing apparatus and method for controlling the same

Also Published As

Publication number Publication date
US7349118B2 (en) 2008-03-25

Similar Documents

Publication Publication Date Title
US7349118B2 (en) Confirmation of secure data file erasure
US6731447B2 (en) Secure data file erasure
US20040114265A1 (en) User-selectable automatic secure data file erasure of job after job completion
JP2008523468A (en) Non-volatile recording medium erasing system and method
US20070022290A1 (en) Information processing apparatus, control method thereof, and computer program
US7885935B2 (en) Peripheral device that manages data deletion authority
US7072054B2 (en) Security of incomplete/pending jobs after power loss
US20070294332A1 (en) Processing device for end customer operation
US7154628B2 (en) Job secure overwrite failure notification
JP4933822B2 (en) Data erasing system, management server, data erasing method and program
JP4435699B2 (en) Image forming apparatus
JPH0814802B2 (en) Method of replacing non-volatile memory in an electronic printing system
JP4962727B2 (en) Data storage device
JP3766014B2 (en) Security system for image forming apparatus, security method for image forming apparatus, and computer-readable storage medium storing program for executing the method
JP4654988B2 (en) Image processing apparatus and program
JP6969331B2 (en) Image data output device and program
Mallery Secure file deletion: Fact or fiction?
JP2005184545A (en) Image forming apparatus
JP4976759B2 (en) Image processing device
JP2004287549A (en) Method for erasing data from removable media, computer program, and recording media
JPH0553891A (en) Information processor
JP4419772B2 (en) Printing system, printing control program, printing method, and electronic device
JP2004118322A (en) File information management device
JP2006264130A (en) Printer
JPH07140947A (en) Method of erasing picture display

Legal Events

Date Code Title Description
AS Assignment

Owner name: XEROX CORPORATION, CONNECTICUT

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ZIPPRICH, ANDREW J.;TALBERT, BRUCE E.;BUNKER, KEITH G.;REEL/FRAME:012490/0553

Effective date: 20011018

AS Assignment

Owner name: BANK ONE, NA, AS ADMINISTRATIVE AGENT, ILLINOIS

Free format text: SECURITY AGREEMENT;ASSIGNOR:XEROX CORPORATION;REEL/FRAME:013111/0001

Effective date: 20020621

AS Assignment

Owner name: JPMORGAN CHASE BANK, AS COLLATERAL AGENT, TEXAS

Free format text: SECURITY AGREEMENT;ASSIGNOR:XEROX CORPORATION;REEL/FRAME:015134/0476

Effective date: 20030625

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

CC Certificate of correction
FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

AS Assignment

Owner name: XEROX CORPORATION, NEW YORK

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK ONE, NA;REEL/FRAME:037736/0638

Effective date: 20030625

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12

AS Assignment

Owner name: XEROX CORPORATION, CONNECTICUT

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. AS SUCCESSOR-IN-INTEREST ADMINISTRATIVE AGENT AND COLLATERAL AGENT TO BANK ONE, N.A.;REEL/FRAME:061388/0388

Effective date: 20220822

AS Assignment

Owner name: CITIBANK, N.A., AS AGENT, DELAWARE

Free format text: SECURITY INTEREST;ASSIGNOR:XEROX CORPORATION;REEL/FRAME:062740/0214

Effective date: 20221107

AS Assignment

Owner name: XEROX CORPORATION, CONNECTICUT

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS AT R/F 062740/0214;ASSIGNOR:CITIBANK, N.A., AS AGENT;REEL/FRAME:063694/0122

Effective date: 20230517

AS Assignment

Owner name: CITIBANK, N.A., AS COLLATERAL AGENT, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNOR:XEROX CORPORATION;REEL/FRAME:064760/0389

Effective date: 20230621

AS Assignment

Owner name: JEFFERIES FINANCE LLC, AS COLLATERAL AGENT, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNOR:XEROX CORPORATION;REEL/FRAME:065628/0019

Effective date: 20231117